Semiconductor Engineering .:. System Bits: April 19
Debugging web apps

MIT researchers reported that they've developed a system that can quickly comb through tens of thousands of lines of application code to find security flaws by exploiting some peculiarities of the Ruby on Rails web programming framework. The team said that in tests on 50 popular web applications written using Ruby on Rails, the system found 23 previously undiagnosed security flaws, and it took no more than 64 seconds to analyze any given program.

Daniel Jackson, professor in the Department of Electrical Engineering and Computer Science, said the system uses static analysis, which seeks to describe, in a very general way, how data flows through a program. "The classic example of this is if you wanted to do an abstract analysis of a program that manipulates integers, you might divide the integers into the positive integers, the negative integers, and zero." The static analysis would then evaluate every operation in the program according to its effect on integers' signs.
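The sign abstraction Jackson describes can be written as a small abstract interpreter. This is an added example, not code from the MIT system; the expression format and the names `sign_of`, `lift`, `add_sign`, `mul_sign`, and `negate` are assumptions made for illustration.

```ruby
require 'set'

# An abstract value is the set of signs an integer expression may take at run time.
NEG, ZERO, POS = :neg, :zero, :pos
TOP = Set[NEG, ZERO, POS] # sign unknown

def alpha(n) # abstraction of one concrete integer
  n.zero? ? ZERO : (n.positive? ? POS : NEG)
end

# Transfer functions on single signs; each returns a set of possible signs.
def add_sign(a, b)
  return Set[b] if a == ZERO
  return Set[a] if b == ZERO
  a == b ? Set[a] : TOP # pos + neg can have any sign
end

def mul_sign(a, b)
  return Set[ZERO] if a == ZERO || b == ZERO
  Set[a == b ? POS : NEG]
end

def negate(a)
  { NEG => POS, ZERO => ZERO, POS => NEG }[a]
end

# Lift a single-sign transfer function to sets of signs.
def lift(xs, ys)
  xs.to_a.product(ys.to_a).reduce(Set[]) { |acc, (a, b)| acc | yield(a, b) }
end

# expr: Integer literal, Symbol (variable), or [op, left, right].
# env: variable => Set of signs (constructed input for this example).
def sign_of(expr, env)
  case expr
  when Integer then Set[alpha(expr)]
  when Symbol  then env.fetch(expr, TOP)
  when Array
    op, l, r = expr
    ls, rs = sign_of(l, env), sign_of(r, env)
    case op
    when :+ then lift(ls, rs) { |a, b| add_sign(a, b) }
    when :- then lift(ls, rs) { |a, b| add_sign(a, negate(b)) }
    when :* then lift(ls, rs) { |a, b| mul_sign(a, b) }
    else raise ArgumentError, "unsupported operator #{op}"
    end
  end
end
```

Every operation is evaluated on signs alone, so the analysis terminates without running the program. The cost is precision: with `x` known only to be non-zero, `x * x` is reported as possibly negative because the domain does not track that both operands are the same value.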
Apr-20-2016, 02:30:48 GMT